Microsoft will release the first Patch Tuesday updates of the year tomorrow, with a total of 12 different vulnerabilities to be patched in Windows, Office, Developer Tools, .NET and Microsoft Server builds.
But according to Microsoft’s security bulletin advance notification for January 2013, two vulnerabilities could allow an attacker to run malicious codes on an unpatched Windows computer and, consequently, to take control of the system.
Qualys CTO Wolfgang Kandek says that the vulnerability most likely affects a Windows library.
“It is likely that it is a vulnerability in one of the base libraries of Windows that is widely used, such as Windows XML Core Services,” Kandek explained according to ThreatPost
Just as usual, Microsoft is yet to provide full details on the found bugs, but more information will be disclosed tomorrow when the patches become publicly available.